4 Cyber Threats to Monitor at the 2018 Winter Olympics

When eleven-time U.S. Olympic medalist Mark Spitz said “If you fail to prepare, you’re prepared to fail,” he was talking about Olympic athletes, but the same could be said to cybersecurity professionals in the lead-up to the 2018 Winter Olympics, hosted in Pyeongchang, South Korea.  

For more than a decade, state-sponsored, hacktivist, and criminal cyber activities have been mainstays of the world’s premier sports event, and we’ve already seen evidence of Olympics-related cyber-espionage and cybercriminal operations in 2018. Here's what network defenders should watch for this year.

1.  Cyber Espionage: Lurking in the Shadows

The Olympics attract the eyes of the world—a fact that drives many governments to seek advanced warning of incidents that may cast them in a negative light during the event. Athletic organizations, foreign government organizations, and media outlets are just a few examples of organizations that may be targeted for this information. Alleged Russian government hackers are suspected of having targeted Olympic organizations for this purpose during the 2016 Rio Olympics and now again during the run-up to 2018’s Winter Games.

The Games also provide ample opportunity for state-sponsored actors to target visiting politicians, executives, journalists, and other individuals who may be sources of intelligence on a variety of topics. Compromised hotel and public WiFi networks, and even intrusions into major network infrastructure  can be used to spy on high-powered Olympics visitors. Late December 2017 reports of Olympic organizations receiving malware-laced phishing emails suggest that traditional cyber espionage may already be underway. However, most cyber espionage will likely remain in the shadows, perhaps coming to light only well after the operations end.

2.  Noisy Influence Operations are The Most Persistent Threat

Russian information warfare often attempts to drag down adversaries by embroiling them in controversy. Olympic organizers appear to be in the crosshairs of such operations following allegations of doping by Russian athletes. Fancy Bears’ Hacking Team (FBHT)—a hacktivist organization allegedly associated with the Russian government—has repeatedly leaked confidential data from multiple Olympics organizations, beginning in the lead-up to the 2016 Summer Olympics in Rio and continuing to the 2018 Winter Olympics. The leaks appear to be an attempt to undermine the legitimacy of Olympic regulatory bodies and portray Russia as the true victim of a sporting regime built on hypocrisy. FBHT’s latest attempt to stir the pot may extend past the conclusion of the 2018 Games. 

3.  Cybercriminals Could Prey on Fans Using Olympics-Themed Lures

The Olympics present cybercriminals with a massive audience primed for social engineering. Opportunities abound to lure fans into unwittingly installing malware on their devices, disclosing sensitive information (e.g., credit card numbers, login credentials), or falling prey to a host of other nefarious schemes. In past Games, cybercriminals have deceived victims with Olympics-themed phishing emails, fake malware-hosting Olympics “live streaming” websites, and Olympics-themed malicious mobile applications. It’s highly likely that these tactics will prove equally attractive during the 2018 Winter Games.

On the ground, an influx of unsuspecting Olympics spectators provides cybercriminals with an enticing target. Rogue Internet hotspots, compromised ATMs and point-of-sale systems, and compromised hotel and public WiFi networks are just a few of the proximity-based cybercriminal tactics that we expect to be employed in Pyeongchang. During the 2016 Rio Olympics, security researchers discovered multiple phony wireless networks distributed throughout the city, many presumably setup to compromise users.

4.  Issue-Driven Olympic Hacktivists: A Sporadic Threat

Hacktivist attacks against the Olympics, sponsoring-organizations, and even organizations not directly affiliated with the Olympics remain a possibility. The threat, however, is sporadic, non-persistent, and largely issue-driven, meaning that hacktivist attacks may arise with little notice, but will probably be relatively short-lived. Attacks may be directly related to the Olympics, or in response to completely unrelated geopolitical, economic, or social issues. In one example, Chinese hacktivists launched a DDoS attack against the Australian competitive swimming association in 2016 after an Australian athlete called a Chinese competitor a “drug cheat.”

We consider it unlikely that cybercriminals will use completely new, highly advanced tactics to target victims during the 2018 Olympics. Observed activity from previous Olympics suggests that spear-phishing emails, email-attached malicious documents, and links to credential phishing pages will be used to initiate most cyber attacks. In fact, this is a trend that we are already seeing unfold in the run-up to Pyeongchang.

Network defenders need to remain vigilant to proven network intrusion tactics during the Games, and network users should give extra scrutiny to website links or email-attached documents that reference the Olympics. Travelers to the Olympics can reduce the likelihood of some Internet-based attacks by using virtual private networks (VPN) when connecting to unknown networks, or avoiding the use of free, unsecured public Internet hotspots altogether.